By Laura Haight
Originally published as The Digital Maven column in Upstate Business Journal, Greenville, SC
Last week, the National Institute of Standards and Technology released its draft of a national framework for cybersecurity. Booooring, right? And there lies the problem at the core of our biggest vulnerability - ourselves.
In June 2010, Ret. Admiral Mike McConnell - former chief of national intelligence and Greenville native - warned that US adversaries have the capability to bring down the US power grid and that the “United States is not prepared for such an attack.”
Perhaps those same adversaries sent a canary into the coal mine three years later when in June 2013, Department of Energy databases were hacked and data on roughly 104,000 federal employees, contractors and dependents was compromised. It’s a scenario that is starting to sound frighteningly familiar.
Across the board, these frameworks, guidelines and takeaways from hacking incidents great and small, reinforce one very basic fact that there is just no getting away from: No one can protect you from yourself. The strongest code, the highest level of encryption, the most bullet-proof servers can easily be defeated by an authenticated user clicking on something they should have deleted; installing something they should have ignored or giving access authority to an application without understanding what they are doing.
That is the message from IT pros I talked to recently about mobile security, like Ashley Yellachich, of Yella-Soft, a Greenville software developer and web programming company.
“You can’t become a digital recluse,” warns Yellachich. “Even if you cut yourself off, you are connected to others. Everything is connected. i know that is very conspiracy theory-ish.”
Yellachich sometimes makes her point with clients by hacking into their cell phones during meetings. “You have to understand that you don't have control over it (the technology) anymore and the best thing you can do is educate yourself and learn how to protect yourself.”
For businesses from corner bakeries to manufacturers, you need a cyber security plan. The FCC has a planning guide that does a great job of compiling key poicies and resources for businesses to create their own programs. But the key to any set of policies working is that employees understand them and that they are enforced.
For businesses or individuals, here are some keys to better digital security.
1. Password security is important. But Yellachich says, email addresses are even more important. While you may have dozens of passwords, most people have only one or two email addresses. Once a hacker has that, they are halfway to taking over your life and your finances. Get an email address that you don’t use for anything but your financial accounts. Make the password scary-long and complex so there’s no way you’ll remember it. Yellachich says “write it down and lock it in your safe”. You only need to enter this password once - when you set up the account in your email program. Segment this email from other applications. And use it only to receive email from your financial institutions. Never send email from this account.
2, Hackers thrive on finding bits of personal information about you and then putting it together to enable them to crack into your accounts. Web sites ask you security questions to help them authenticate you. Do not give them the right information, like your mother’s real maiden name or your first pet’s real name. Will they be harder to remember, yes they will. That is the point. “The best protection,” says Yellachich, “is obscurity.”
3. Never use public wifi. Although a big selling point for cities like Greenville and businesses like Panera Bread and Starbucks, there’s a balance between security and convenience. If your business has you on the go, invest in a Mi-Fi device that can create a secure VPN (virtual private network).
4. Have a throwaway email address and use this for online browsing and shopping.
5. Use a good password keeper that has very strong security on their end AND offers two-factor authentication on the user end. Make sure to use a different password for every login you have (now you see why you need a password program). My preference: LastPass.
There are significant dangers in the digital world but we can’t turn back and abandon all the advantages either. Somehow, we learned to lock our car doors, not to talk to strangers on the street, and to be cautious about flashing wads of money around. Time for us all to take responsibility for our own actions and be the best, last defense against hackers instead of the weakest link in the chain.